It was bound to happen…was it a problem?

  Along with death and taxes, one of the things that will happen to almost everyone in the UK is losing access to a vital lifeline, aka your mobile phone. And when that happens, are you going to be in for a frantic four-hour session to get back to normal, or will it be relatively easy. … Read More

My top 3 items from the Information Commissioner’s fireside chat

On Tuesday 17 October I was at IAPP’s ‘fireside chat’ with Elizabeth Denham, the Information Commissioner. The top 3 items for me were: GDPR certification – details to be published in early 2018, the ICO is leading the work on this in WP29. The Commissioner thought it should be based on Accountability and mentioned the approach… Read More

How interested do parties need to be?

Early on in the ISO27001:2013 standard, page 1 section 4.2 to be precise, is ‘Understanding the needs and expectations of interested parties’. An organisation needs to determine the parties relevant to their information security management system (ISMS) and what requirements they could have for information security. The standard helpfully notes that requirements may include legal and regulatory… Read More

Wetherspoons stop monthly newsletters – GDPR related?

This morning I received an email from Wetherspoons – I am a customer and did sign up to receive updates – saying they will no longer be sending emails as many consider this intrusive. I agree that some people can find this intrusive, but at the same time think this could be part of their General… Read More

Things to consider when selecting a new office

Thinking of moving to a new location? Here are some security items you should consider when selecting your perfect office. Location Consider neighbourhood public health and safety issues Is there an unacceptably high incidence of crimes against people or property? Will employees feel safe walking alone at night? Do the police or other emergency services have… Read More

GDPR (Data Protection) vs MTD (Tax)

What we know The General Data Protection Regulation (GDPR) will replace the Data Protection Act. Brexit has no impact. The Information Commissioner has said “there may still be questions about how the GDPR would work on the UK leaving the EU but this should not distract from the important task of compliance with GDPR”. This… Read More

Mirror mirror on the wall, who’s the fairest Application and OS of them all

The Computer Vulnerabilities and Exposures (CVE) website provides yearly summaries of application and operating systems vulnerabilities. Having a vulnerability is not the same as it actually being exploited, but the figures provide a useful, if somewhat crude way, of identifying what needs protecting and how this compares to 2015. For anyone that doesn’t want to read much further the… Read More

What the National Cyber Security Strategy means for your business

On 1 November the UK National Cyber Security Strategy 2016-2021 was launched by the Chancellor. It is a £1.9bn programme to make the UK ‘confident, capable and resilient in a fast-moving digital world’ and protect the UK economy and the privacy of its citizens against cyber attacks that are growing more frequent, sophisticated and damaging. It recognises this isn’t “just” an… Read More

Why the silent treatment will not be an option for your business

If your business stores any personal information – and that includes name, email address, and telephone numbers – you need to be aware of the data protection changes that will be enforced from May 2018 when the General Data Protection Regulation (GDPR) replaces the Data Protection Act. A common question is what about the Brexit… Read More

Is cyber crime a threat to SMEs?

With reports of SMEs averaging four cyber crimes every two years and 10% of the population being victims in the past year, it has to be seen as a real threat. But what does this actually mean to a business? The first thing to do is get beyond jargon like phishing, ransomware and DDoS attacks. Cyber… Read More